Visit Official SkillCertPro Website :-
For a full set of 410 questions. Go to
https://skillcertpro.com/product/microsoft-sc-900-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 1:
Which of the following technologies verifies if the contents of a message are tampered with?
A. Hashing
B. Signing
C. Encryption
D. Encoding
Answer: B
Explanation:
Signing (with the help of digital signatures) verifies if the contents of a message are tampered. Signing is the correct choice.
Encryption is the process of changing/altering a message, so a hacker only sees garbage.
Hashing converts/alters a text to a hash value (looks encrypted). Hashing is used to store passwords so that only the user knows his password.
Encoding converts data from one format to another. A typical example is audio/video encoders which reduce the size of audio/video files.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data
Question 2:
Which of the following is NOT one of the steps in creating a custom trainable classifier?
A. Create prediction model
B. Test the model
C. Manual review
D. Choose a model
Answer: D
Explanation:
The four steps in creating a custom trainable classifier are:
· Add seed content (samples in a single category. For example, patent documents),
· Create a trainable classifier (prediction model) [with seed content],
· Test the model (with both good [patent docs] and bad [Resumes, vendor contracts] examples), and,
· Manual review (Verify if each prediction is correct. This feedback improves the model’s accuracy).
Generally, for a machine learning task, selecting a learning algorithm is one of the steps in the process. However, for this classification task, you don’t need to choose/know the algorithm that’s behind the scenes.
Since it is not one of the steps in creating a custom trainable classifier, the option Choose a model is the correct answer.
Reference Link:
https://docs.microsoft.com/en-us/learn/modules/describe-information-protection-governance-capabilities-microsoft-365/3-describe-data-classification-capabilities-compliance-center#trainable-classifiers
Question 3:
You create a custom trainable classifier to classify pricing information in your organization. To test the model, you use seed content. Is it the correct approach?
A. Yes
B. No
Answer: B
Explanation:
Seeding is the feeding of positive samples (in a single category, here, pricing contracts) that a human carefully selects.
Seed content helps to accurately train a classifier to predict an item in a particular category (pricing).
Once you build a prediction model (classifier) with seed content, you test the model’s accuracy with a mix of both positive (pricing info) and negative (M&A deals, IP documents, patents, etc.) samples. This test content is different than the seed content.
So, you use seed content to build a prediction model, not test the model. The correct answer choice is No.
Reference Link: https://docs.microsoft.com/en-us/microsoft-365/compliance/classifier-get-started-with?view=o365-worldwide#seed-content
https://docs.microsoft.com/en-us/learn/modules/describe-information-protection-governance-capabilities-microsoft-365/3-describe-data-classification-capabilities-compliance-center#trainable-classifiers
Question 4:
A global investment bank wants to restrict collaboration (for example, sharing files from OneDrive) between their Asset management division and Corporate Advisory group.
Which of the following solutions in Microsoft 365 will help?
A. Insider risk management
B. Privileged access management
C. Customer Lockbox
D. Information barriers
Answer: D
Explanation:
Information barriers restrict communication between groups within an organization. Microsoft 365 solutions like Microsoft Teams, SharePoint Online, and OneDrive for Business support information barriers.
Since both the Asset Management division and the Corporate Advisory groups are separate divisions within the same organization, the option Information barriers is the correct choice.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-insider-risk-capabilities-microsoft-365/4-describe-information-barriers
Privileged access management allows granular access to privileged admin tasks in Microsoft 365 for users within an organization.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-insider-risk-capabilities-microsoft-365/5-describe-privileged-access-management
Customer Lockbox allows granular access to the organization’s content in Microsoft 365 locations to Microsoft (cloud provider).
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-insider-risk-capabilities-microsoft-365/6-describe-customer-lockbox
So:
· Privileged access management (for users within an organization)
· Customer Lockbox (between Microsoft and the organization)
· Information barriers (between an organization’s departments)
Insider risk management helps minimize internal risks in an organization. It doesn’t restrict collaboration between an organization’s departments.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-insider-risk-capabilities-microsoft-365/2-management-solution
Question 5:
In Microsoft 365 Defender, you can proactively find threats across devices, emails, apps, and identities with hunting.
Is the statement correct?
A. Yes
B. No
Answer: B
Explanation:
This is a slightly tricky question.
Hunting and Advanced hunting are two features with similar capabilities in Azure Sentinel and Microsoft 365 Defender respectively.
In Azure Sentinel, Hunting proactively hunts for threats across your organization’s data sources.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-security-capabilities-of-azure-sentinel/3-describe-sentinel-provide-integrated-threat-protection#hunting
In Microsoft 365 Defender, Advanced hunting, not hunting, proactively searches for malware, suspicious files in your devices, emails, and cloud apps.
So, the correct answer is No.
Reference Link: https://docs.microsoft.com/en-us/microsoft-365/security/defender/advanced-hunting-query-emails-devices?view=o365-worldwide
For a full set of 410 questions. Go to
https://skillcertpro.com/product/microsoft-sc-900-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.
Question 6:
Which of the following is an example of encryption at rest?
A. Using HTTPS to access cloud services
B. Encrypting an Azure VM’s disk
C. Using VPN to access your corporate resources
D. Sign into an Azure VM by using RDP
Answer: B
Explanation:
Encryption at rest encrypts data stored at a single location.
Data in an Azure Virtual Machine’s disk is stored in a single location. Encrypting a disk is an example of encryption at rest. Other examples include encrypting data on your hard drive/laptop/flash drive.
Option Encrypting an Azure VM’s disk is the correct choice.
Reference Link: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest#encryption-at-rest-for-iaas-customers
Encryption in transit encrypts data that’s actively moving from one location to another.
For RDP sessions, data travels from a client to a remote machine. Option Sign into an Azure VM by using RDP is incorrect.
Reference Link: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#rdp-sessions
For VPN connections, your mobile workforce connects to your corporate resources from home. Option Using VPN to access your corporate resources is incorrect.
Reference Link: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-overview#azure-vpn-encryption
For HTTPS access to cloud services, data travels between cloud customers and data centers.
Option Using HTTPS to access cloud services is incorrect.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data (general, for all scenarios)
Question 7:
Which of the following defense in depth layer implements the Availability concern of the CIA principle?
A. Physical security
B. Identity and access
C. Perimeter
D. Data
Answer: C
Explanation:
CIA stands for Confidentiality, Integrity, and Availability. They represent security trade-offs in keeping your systems secure.
Defense in depth is a layered approach to security. Each of the defense in depth layers implements one or more of the CIA concerns.
Reference Link: https://docs.microsoft.com/en-us/learn/modules/azure-well-architected-security/2-defense-in-depth#defense-in-depth-a-layered-approach-to-security
The Perimeter layer implements the Availability concern of the CIA principle. By providing DDoS protection, it ensures that the services are available to users. Option Perimeter is the correct answer.
The Physical security layer implements the Confidentiality principle because it grants access only to authorized personnel. Option Physical security is incorrect.
The Identity & Access layer implements the Integrity principle because it gives access only after verifying who the user they claim to be. Option Identity & access is incorrect too.
The Data layer implements the Integrity principle because data encryption at rest/in transit prevents unauthorized changes to the information. Option Data is an incorrect choice.
Question 8:
Which Microsoft portal provides information about how Microsoft manages privacy, compliance and security?
A. The Microsoft 365 compliance center
B. Compliance Manager
C. Microsoft Service Trust Portal
D. Microsoft Support
Answer: C
Explanation:
C. Microsoft Service Trust Portal
Microsoft 365 compliance center: This is primarily for managing compliance within your organization using Microsoft 365 tools.
Compliance Manager: This is a deprecated service. While it might have existed in the past, it’s not the current source for information on Microsoft’s privacy, compliance, and security practices.
Microsoft Support: While Microsoft Support offers valuable resources, it’s not the central location for information on these broader topics.
Microsoft Service Trust Portal: This portal is the official source for information on how Microsoft manages privacy, compliance, and security for its cloud services. It provides detailed documentation, whitepapers, certifications, and risk assessments.
Therefore, the Microsoft Service Trust Portal is the most appropriate resource to learn about Microsoft’s approach to privacy, compliance, and security for its cloud services.
Sources:
https://learn.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance
Question 9:
_____________________ a file makes the data in the file readable and usable to authorized viewers only.
A. Archiving
B. Compressing
C. Deduplicating
D. Encrypting
Answer: D
Explanation:
Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read encrypted data, it must be decrypted, which requires the use of a secret key.
https://docs.microsoft.com/en-us/learn/modules/describe-security-concepts-methodologies/6-describe-ways-encryption-hashing-signing-secure-data?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.wwl.describe-concepts-of-security-compliance-identity
Question 10:
______________________ provides traffic filtering that can be applied to specific network interfaces on a virtual network.
A. Azure Bastion
B. Azure Firewall
C. Network Security Groups (NSG)
Answer: C
Explanation:
Network security groups (NSGs) let you allow or deny network traffic to and from Azure resources that exist in your Azure virtual network; for example, a virtual machine. When you create an NSG, it can be associated with multiple subnets or network interfaces in your VNet. An NSG consists of rules that define how the traffic is filtered.
https://docs.microsoft.com/en-us/learn/modules/describe-basic-security-capabilities-azure/2-describe-azure-network-security-groups?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.wwl.describe-capabilities-of-microsoft-security-solutions
For a full set of 410 questions. Go to
https://skillcertpro.com/product/microsoft-sc-900-exam-questions/
SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
SkillCertPro updates exam questions every 2 weeks.
You will get life time access and life time free updates
SkillCertPro assures 100% pass guarantee in first attempt.